This would be a huge step in the right direction but I think it's important to limit surveillance by government entities as well. After all, you have _no_ opt-out options where they are concerned.
I agree, however expect government regulation to be easier target commercial activities. I additionally am considering existing U.S. law that requires government agencies to perform PII analysis of all projects and have that information available via FOIA and OMB reporting. That does not cover non-U.S. entities.